DETAILED ACTION

Claim Objections 

1. Claims 1, 23, 27 and 30 are objected to because of the following
informalities:

2. With regard to claim 1, there appears to be a typographical error "Identify
the" in line 11. The Office recommends that the claim be amended to recite
"identify if the".

3. With regard to claims 23, 27, and 30, there appears to be a typographical
error "registering the first endpoint in accord with the first registration". The Office 
recommends that the claim be amended to recite "registering the second 
endpoint in accord with the first session registration". For the purpose of applying 
art, it has been interpreted as the second endpoint being registered in 
accordance with the first session registration. 

4. Appropriate correction is required. 

Claim Rejections - 35 USC §112 

5. The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

6. Claims 1-7, 10, 11-17, 20, 23, 27 and 30 are rejected under 35 U.S.C. 112,
second paragraph, as being indefinite for failing to particularly point out and 
distinctly claim the subject matter which applicant regards as the invention. 

7. Several of the claims contain limitations lacking antecedent basis. A listing 
of several locations of such problems appears below, but it should not be 
interpreted as an exhaustive list. The claims must be amended to provide
sufficient antecedent basis for the limitations set forth below as well as any other 
limitations lacking antecedent basis of which Applicant may become aware. 

8. Claim 1 recites the limitation "the non-routable network address" in line 6. 
There is insufficient antecedent basis for this limitation in the claim. 

9. Claim 4 recites the limitation "the second network address" in line 4. 
There is insufficient antecedent basis for this limitation in the claim. 

10. Claim 4 recites the limitation "the entry" in line 8. There is insufficient 
antecedent basis for this limitation in the claim. 

11. Claim 5 recites the limitation "said protocol data" in lines 4 and 6. There is
insufficient antecedent basis for this limitation in the claim. 

12. Claim 5 recites the limitation "the non-routable network address" in lines 6- 
7. There is insufficient antecedent basis for this limitation in the claim. 

13. Claim 5 recites the limitation "the routable address" in lines 8-9. There is 
insufficient antecedent basis for this limitation in the claim. 

14. Claim 6 recites the limitation "the non-routable address" in line 5. There is 
insufficient antecedent basis for this limitation in the claim. 

15. Claim 6 recites the limitation "the routable address" in line 6-7. There is 
insufficient antecedent basis for this limitation in the claim. 

16. Claim 7 recites the limitation "the acknowledgment" in line 2. There is 
insufficient antecedent basis for this limitation in the claim. 

17. Claim 7 recites the limitation "the non-routable address" in lines 3-4. 
There is insufficient antecedent basis for this limitation in the claim.

18. With regard to claims 8-10, it is unclear where the steps of the method are
performed. It appears that the steps in claims 8 and 9 are being performed by the 
registration server, while the steps in claim 10 are being performed in the first 
and second endpoints. 

19. With further regard to claim 10, the last two steps are unclear. Page 12, 
Lines 15-21 of the present application contradicts what appears to be claimed in 
claim 10, and the language used is unclear. 

20. Claim 10 recites the limitation "the second network address" in line 5. 
There is insufficient antecedent basis for this limitation in the claim. 

21. With regard to claims 23, 27, and 30, there are several instances in which
"first" and "second" appear to have been inadvertently interchanged, making the
claim unclear. Based upon the specification, the claim has been interpreted to
mean that the registration server receives session registrations from both the first 
and second endpoints. The first endpoint, behind a NAT, is registered with 
respect to the routable address associated with the NAT. The second endpoint, 
which is not located behind a NAT, is registered with respect to its routable 
address. 

22. Claims 11, 14, 15, 16, 17 and 20 are also rejected for the reasons cited for
claims 1, 4, 5, 6, 7 and 10, respectively.

23. All claims not individually rejected are rejected by virtue of their 
dependency from the above claims.

Claim Rejections - 35 USC § 102

24. The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this 
Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 
122(b), by another filed in the United States before the invention by the applicant for patent or 
(2) a patent granted on an application for patent by another filed in the United States before 
the invention by the applicant for patent, except that an international application filed under 
the treaty defined in section 351(a) shall have the effects for purposes of this subsection of an 
application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

25. Claims 1-3, 5, 8, 9, 11-13, 15, 18, 19, and 21-30 are rejected under 35
U.S.C. 102(e) as being anticipated by Goldberg et al. (WO 02/03217). 

26. With regard to claim 1, Goldberg et al. (Goldberg, hereafter) discloses a 
communication protocol for initiating a communication session through a network 
translation device which translates internal network traffic having an internal 
addresses and ports into external traffic having an apparent external origin 
address and port, the protocol comprising: preparing a session setup (IP and 
port) (Page 6, Lines 21-23) for a session from a first machine (Client A) having 
the non-routable network address to a second machine (application server), the 
session setup indicating a non-routable address (internal IP address) to which to 
send a session acknowledgement; and sending the session setup to the second 
machine through the network translation device, wherein said network translation 
device does not translate the session setup (Session info is sent as data, so no 
translation occurs); wherein the second machine is configured to inspect the 
session setup and identify the session setup includes the non-routable address
(Page 7, Lines 4-9). 

27. With regard to claim 2, Goldberg further discloses including a first port in 
said session setup for communicating with a communication endpoint, wherein 
translation by the network translation device results in the session setup having 
an apparent origin and a second port (IP/port in the header) different from the 
non-routable address and the first port in said session setup (IP/Port in data), 
and wherein the second machine is configured to inspect said protocol data and 
identify the non-routable address (Page 7, Lines 4-9). 

28. With regard to claim 3, Goldberg further discloses that said endpoint is a 
selected one of: the second machine, and a registration server for registering 
communication endpoints (Application server registers clients to control 
connections) (Page 7, Lines 10-15). 

29. With regard to claim 5, Goldberg further discloses that the second
machine is a registration server (application server) for registering machine
aliases with network addresses (coordinates the link establishment between the
devices) (Page 6, Lines 15-17), the protocol further comprising the registration
server: receiving the session setup, said session setup comprising said protocol
data including an alias for the first machine, examining said protocol data so as
to identify whether it comprises the non-routable network address (Page 6, Lines
21-23); and if so, registering the first machine with respect to the alias and the
routable address.

While Goldberg fails to specifically disclose the embedded alias as being
part of the protocol data or registering the endpoint, these limitations are
inherent. Since the other information in the registration (IP address and port) is
not uniquely identifying, an alias must be provided in order to form an association
between the external address and the specific computer. Two machines behind 
different NAT devices could share an identical internal IP address and port, 
making the registration process invalid without a unique identifier, since Goldberg 
discloses that the application server can handle communication between two 
different NAT networks. 

While the specific step of registering the first endpoint with the apparent 
origin address, embedded port, and embedded alias is not disclosed by 
Goldberg, the application server notifies the second client of the external address 
and port required to contact client A behind the NAT (Page 9, Lines 26-31). The
application server would not know this information unless it has stored it when 
determining that client A was behind a NAT. Therefore, this limitation is present 
in the system disclosed by Goldberg despite the lack of a specific reference to it.

30. With regard to claim 8, Goldberg discloses a method for communicating
between a first endpoint (Client A) behind a network address translator (NAT) 
and a second endpoint (application server), comprising: receiving a first 
registration for the first endpoint, said registration comprising an embedded 
address (IP address) and embedded port for the first endpoint (Page 6, Lines 21- 
23), wherein said registration has an apparent origin address of the NAT 
(external address) (Page 8, Lines 25-27); determining the embedded network 
address is a non-routable address (Different from the external address) (Page 7,
Lines 4-9). 

While Goldberg fails to specifically disclose the embedded alias as being 
part of the registration or registering the endpoint, these limitations are inherent. 
Since the other information in the registration (IP address and port) is not 
uniquely identifying, an alias must be provided in order to form an association
between the external address and the specific computer. Two machines behind 
different NAT devices could share an identical internal IP address and port, 
making the registration process invalid without a unique identifier, since Goldberg 
discloses that the application server can handle communication between two 
different NAT networks. 

While the specific step of registering the first endpoint with the apparent 
origin address, embedded port, and embedded alias is not disclosed by 
Goldberg, the application server notifies the second client of the external address 
and port required to contact client A behind the NAT (Page 9, Lines 26-31). The
application server would not know this information unless it has stored it when 
determining that client A was behind a NAT. Therefore, this limitation is present 
in the system disclosed by Goldberg despite the lack of a specific reference to it. 
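
The registration reasoning in paragraphs 29 and 30, as an added Python example that is not part of the Office action, the application, or the Goldberg reference. The class and function names and the sample addresses are hypothetical; an endpoint is treated as behind a NAT when its embedded address differs from the apparent origin address, as stated above.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Registration:
    alias: str
    address: str      # address other endpoints should use to reach this one
    port: int         # port embedded in the registration payload
    behind_nat: bool


class RegistrationServer:
    """Hypothetical registration server; every name here is illustrative."""

    def __init__(self):
        self._by_alias = {}

    def register(self, alias, embedded_ip, embedded_port, origin_ip):
        embedded = ipaddress.ip_address(embedded_ip)
        origin = ipaddress.ip_address(origin_ip)
        # The registration travels as data, so the NAT rewrites only the
        # packet header. A mismatch means the sender is behind a translator.
        behind_nat = embedded != origin
        address = str(origin) if behind_nat else str(embedded)
        reg = Registration(alias, address, embedded_port, behind_nat)
        self._by_alias[alias] = reg   # the alias is the unique key
        return reg

    def resolve(self, alias):
        return self._by_alias.get(alias)


def naive_table(payloads):
    """Key on the embedded (ip, port) only, to show why that is ambiguous."""
    table = {}
    for _alias, ip, port, origin in payloads:
        table[(ip, port)] = origin    # a later registration overwrites an earlier one
    return table


# Constructed sample: (alias, embedded ip, embedded port, apparent origin).
# alice and bob sit behind different NATs but share one internal address and port.
SAMPLE = [
    ("alice", "192.168.1.10", 5060, "198.51.100.7"),
    ("bob", "192.168.1.10", 5060, "203.0.113.9"),
    ("carol", "192.0.2.44", 5060, "192.0.2.44"),
]


def build_server(payloads=SAMPLE):
    server = RegistrationServer()
    for alias, ip, port, origin in payloads:
        server.register(alias, ip, port, origin)
    return server
```
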

31. With regard to claim 9, Goldberg further discloses receiving from the
second endpoint a resolution request for the alias (INFO/NAT message) (Page
20, Lines 20-21); replying to said request with at least the apparent origin
address (reINVITE message); receiving a session setup from the second
endpoint (response w/SDP); and forwarding the session setup to the first
endpoint at the apparent origin address (Page 20, Lines 20-30). 

32. With regard to claim 21, Goldberg discloses a method for a first endpoint
internal to a network translation device to set up a communication session with a 
second endpoint external to the network translation device, the method 
comprising: contacting a registration server to resolve an alias for the second 
endpoint (INVITE/SDP is sent to app server); receiving a first session registration 
from the registration server (INFO/NAT message is received from app server), 
the first session registration comprising a network address for the second 
endpoint that is routable, and a content port to which content should be sent to 
for the second endpoint (Page 20, Lines 13-15); and priming the network 
translation device, by sending at least one network packet to the second 
endpoint at the routable address on the content port, before completing setting 
up the communication session with the second endpoint (Send RTP/NAT 
message) (Page 20, Lines 2-30 and Fig 12). 

33. With regard to claim 22, Goldberg further discloses sending a second 
session registration for the first endpoint to the registration server, the second 
session registration comprising a network address for the first endpoint that is 
non-routable (Page 19, Lines 18-20). 

34. With regard to claim 23, in accordance with the interpretation set forth in 
the 35 U.S.C. 112, second paragraph, rejection of claim 23, Goldberg further 
discloses that the registration server receives session registrations from both the 
first and second endpoints. The server first determines which endpoints are
located behind a NAT (Page 19, Lines 12-20). While Goldberg fails to specifically
disclose that the devices are registered, this limitation is inherent, because the 
server provides the appropriate addressing information to each endpoint when 
assisting with the connection setup (Page 20, Lines 2-30). 

35. With regard to claim 24, Goldberg further discloses that the registration 
server is configured to identify the non-routable network address within the 
second session registration, and responsive to said identifying, registering the 
first endpoint with respect to a routable address associated with the network 
translation device (Page 19, Lines 14-20). 

36. Claims 11-13, 15, and 18-19 are rejected for the same reasons cited for
claims 1-3, 5, and 8-9, respectively. The limitations set forth in the body of the
claims are identical to the limitations set forth for claims 1-3, 5, and 8-9. The
further limitations set forth in the preamble are inherent. 

37. Claims 25-27 and 28-30 are rejected for the same reasons cited for claims 
21-23, respectively. The limitations set forth in the body of the claims are 
identical to the limitations set forth for claims 21-23. The further limitations set 
forth in the preamble are inherent. 

Claim Rejections - 35 USC § 103 

38. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to
be patented and the prior art are such that the subject matter as a whole would have been
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

39. Claims 4 and 14 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Goldberg et al. (WO 02/03217) in view of Network Safety. 

40. With regard to claims 4 and 14, while the system disclosed by Goldberg 
shows substantial features of the claimed invention (discussed above), it fails to 
disclose the network address translation device: receiving the session setup for 
the session to the second machine; sending the session setup to the second 
network address; recording said sending in an access authorization table; 
receiving data from a network; and comparing said received data with at least a 
portion of the access authorization table the entry to determine if said received 
data is responsive to said sending. 

Network Safety teaches a method of providing enhanced network security in
a NAT by only forwarding incoming messages which exactly match a connection.
By recording all outgoing sessions, the responses to those sessions can be
forwarded to the appropriate machines inside the NAT, while other traffic can be
dropped. This helps to prevent unauthorized access to machines inside the NAT, 
increasing the security of the network. 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time the invention was made to record outgoing connections in an access 
table within the NAT, and check incoming messages to see if they match entries 
in the table. This allows unauthorized traffic to be prevented from entering the 
network, increasing security. 
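
The access table described in paragraph 40, together with the priming step of paragraph 32, as an added Python example that is not part of the Office action or of either cited reference. The class, its port allocation scheme, and the sample addresses are hypothetical: each outgoing session is recorded, and an incoming packet is forwarded only when it exactly matches a recorded session.

```python
class NatAccessTable:
    """Hypothetical translator that forwards only replies to recorded sessions."""

    def __init__(self, external_ip, first_port=40000):
        self.external_ip = external_ip
        self._next_port = first_port
        self._out = {}  # (proto, int_ip, int_port, rem_ip, rem_port) -> ext_port
        self._in = {}   # (proto, rem_ip, rem_port, ext_port) -> (int_ip, int_port)

    def outbound(self, proto, int_ip, int_port, rem_ip, rem_port):
        """Record an outgoing session; return the apparent origin (ip, port)."""
        key = (proto, int_ip, int_port, rem_ip, rem_port)
        ext_port = self._out.get(key)
        if ext_port is None:
            # Assumption: one external port per recorded session.
            ext_port = self._next_port
            self._next_port += 1
            self._out[key] = ext_port
            self._in[(proto, rem_ip, rem_port, ext_port)] = (int_ip, int_port)
        return (self.external_ip, ext_port)

    def inbound(self, proto, rem_ip, rem_port, ext_port):
        """Return the internal (ip, port) to forward to, or None to drop."""
        # Exact match on protocol, remote address, remote port and external
        # port. Entries never expire here; real translators age them out.
        return self._in.get((proto, rem_ip, rem_port, ext_port))


def priming_demo():
    """Constructed scenario: media from a peer before and after priming."""
    nat = NatAccessTable("198.51.100.7")
    peer = ("203.0.113.9", 5004)          # routable address and content port
    # No outgoing packet yet, so the peer's media finds no matching entry.
    before = nat.inbound("udp", peer[0], peer[1], 40000)
    # Priming: the internal endpoint sends one packet to the content port.
    origin = nat.outbound("udp", "192.168.1.10", 49170, peer[0], peer[1])
    after = nat.inbound("udp", peer[0], peer[1], origin[1])
    # Same host on another port, and another host entirely: both dropped.
    other_port = nat.inbound("udp", peer[0], 5005, origin[1])
    other_host = nat.inbound("udp", "192.0.2.66", peer[1], origin[1])
    return before, origin, after, other_port, other_host
```
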

Conclusion

41. The prior art made of record and not relied upon is considered pertinent to
applicant's disclosure. 

42. If a copy of a provisional application listed on the bottom portion of the 
accompanying Notice of References Cited (PTO-892) form is not included with 
this Office action and the PTO-892 has been annotated to indicate that the copy 
was not readily available, it is because the copy could not be readily obtained 
when the Office action was mailed. Should applicant desire a copy of such a 
provisional application, applicant should promptly request the copy from the 
Office of Public Records (OPR) in accordance with 37 CFR 1.14(a)(1)(iv), paying
the required fee under 37 CFR 1.19(b)(1). If a copy is ordered from OPR, the 
shortened statutory period for reply to this Office action will not be reset under 
MPEP § 710.06 unless applicant can demonstrate a substantial delay by the 
Office in fulfilling the order for the copy of the provisional application. Where the 
applicant has been notified on the PTO-892 that a copy of the provisional 
application is not readily available, the provision of MPEP § 707.05(a) that a copy 
of the cited reference will be automatically furnished without charge does not 
apply. 

43. Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Aaron Strange whose telephone number is 
703-305-8878. The examiner can normally be reached on M-F 8:30-5:00.

If attempts to reach the examiner by telephone are unsuccessful, the
examiner's supervisor, Glen Burgess can be reached on 703-305-4792. The fax 
phone number for the organization where this application or proceeding is 
assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see
http://pair-direct.uspto.gov. Should you have questions on access to the Private
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197
(toll-free).

AN S 7/21/2004 




